Personal Data Policy

Summary.

Your collected data is used only for the purposes of the annual Bidford Vintage Gathering.

We keep your data for 12 months it is then deleted from our records.

Any entrant not registered with Rally control will be deleted as soon as the information is available usually within 30 days of the show date.

You can ask us for details we hold for you. You have the right to have any such data corrected or deleted. Contact us at privacy@bidfordvintagegathering.co.uk

We never release your data to 3rd parties except in circumstances listed in the Full Privacy Policy below.

Personal data

This Privacy Policy aims to give you information on how we collect and use your personal data. To process your data we must have a lawful basis to do so. The law allows for six ways to process your personal data. We will process your personal data where:

  • You have given consent to the processing of your personal data for one or more specific purposes;
  • It is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  • It is necessary for compliance with a legal obligation to which we are subject;
  • It is necessary in order to protect your vital interests;
  • It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • It is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

We are committed to protecting your personal information and respecting your privacy. We process your personal data when you access our Sites and Services. These include:

Corresponding with us using services such as web contact forms, webchat facility, telephone, email or written letter.

Some of our Sites and Services may include additional terms and conditions under an applicable end-user license agreement or terms of use.

We use your personal data in the following ways:

Carry out our obligations from any contracts you have entered into with us;

Respond to your enquiries and complaints;

Notify you about changes to our products and services.

Our legitimate interests

There are times when we will rely on legitimate interests to process personal data, particularly when it is not practical to obtain consent. We will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Examples are:

    • Reporting criminal acts and compliance with law enforcement agencies.
    • Internal and external audit for financial or regulatory compliance purposes.
    • Statutory reporting.
    • Maintenance of “do not contact” lists (suppression lists).
    • Physical and network security.
    • Financial management and control.

Categories of personal data you give to us

The personal data you give us includes:

    • Name
    • Address
    • Telephone number
    • Email address

Information we pass to third parties and other data sharing

In order to facilitate your use of our Site and Service, we may have to share your personal data with third parties to provide elements of our Site and Service to you. We will provide your personal data to third parties when they need the data to perform particular functions in delivering our Site and Service to you or as part of our regulatory compliance. These include:

  • Service providers acting as data processors, located in the UK and EU who provide data hosting facilities, IT and system administration services.
  • Service providers located in the UK and EU acting as data processors who administer our customer email service, webchat service, API Services.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data transfers to third countries

The data we collect from you may, on occasion, be processed at a destination outside the European Economic Area (EEA). It may also be processed by organisations operating outside the EEA who work for us as one of our suppliers. These organisations may be engaged in the fulfilment of your request, order or reservation, and the provision of support services.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

We will take steps reasonably necessary to ensure there is an adequate level of protection of your data and that your data is treated securely and in accordance with our Privacy Policy.

Data security

Once it is within our control, we will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retaining your personal information

We will retain your personal data for as long as necessary to fulfil the purposes for which we collected it We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints, or for as long as you remain a registered user.

To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see Right of Erasure below for further information.

 

Your data protection rights

Withdraw consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.

Right to be informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used.

Right of access – You can write to us asking what information we hold on you and to request a copy of that information.  This is called a Subject Access Request. From 25 May 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity.

Right of erasure – From 25 May 2018, you have the right to be forgotten (i.e. to have your personally identifiable data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you.

Right of rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected.  We may need to verify the accuracy of the new data provided to us.

Right to restrict processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

Right to object – You have an absolute right to stop the processing of your personal data for direct marketing purposes.

Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object. This right is more applicable to mortgage or finance situations. We do not undertake complex computerised decision making that produce legal effects.

Cookies

We use cookies to distinguish you from other users of our Site and Service. This helps us to provide you with a good experience when you use our Site and Service and also allows us to improve them. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Changes to this policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of any Services or Apps.

Contacting us

If you have any queries about this Privacy Policy, please contact us:  privacy@bidfordvintagegathering.co.uk

Complaints

If, for any reason, you have a complaint, please contact the Webmaster/Data Protection Officer to discuss your concerns.

Following this, if you are still dissatisfied, you are able to contact the Information Commissioner’s Office directly at the contact details below.

Information Commissioner: Contact telephone number: 0303 123 1113. Website: ICO website https://ico.org.uk/